2019 Novel Coronavirus-Themed Attacks Take Over Threat Landscape

A new Proofpoint report states that cybercriminals are now mostly running campaigns related to the 2019 Novel Coronavirus. 80% of all threats found by Proofpoint are related to the coronavirus.

The latest analysis involved over half a million email messages, 300,000 malicious weblinks, and more than 200,000 malicious email attachments. Proofpoint experts identified more than 140 phishing and malware attack campaigns, and the number is still rising. The coronavirus theme spans practically all possible threats, with COVID-19 campaigns being carried out by everyone from small players to high-profile APT groups. The email campaigns are varied and often change. Proofpoint researchers believe the diverse nature of the attacks will continue and that attacks will most likely increase.

A Check Point report tells the same story. In mid-February, Check Point saw some hundred coronavirus-related malware attacks each day. By late March, attacks had gone up to 2,600 each day, with 5,000 attacks recorded on March 28, 2020. These attacks involved emails with “Corona” or “COVID” in the subject line or email attachment name, or emails tied to a domain or URL containing those terms.

In the past two weeks alone, Check Point Research reveals, more than 30,000 domain names associated with the coronavirus were picked up. Although only 0.4% of the domains were confirmed as malicious, 9% were suspicious, and many more could be used by cybercriminals for phishing, malware distribution, or fraud. The researchers note that more than 51,000 coronavirus-linked domains have been registered since mid-January.

Cloudflare analyzed online threats and reported a 6-fold increase in online threats in the last month. Barracuda Networks reported a 600% growth in phishing attacks since the end of February and noticed a rise in impersonation scams and business email compromise attacks.

The FBI has already released warnings about coronavirus and COVID-19-associated phishing scams, and another alert was issued on April 1, 2020 concerning the threat of attacks on the software and computer systems being used to support at-home employees. Because of the rise in the number of at-home employees during the 2019 Novel Coronavirus pandemic, many people are turning to teleconference and telework options to stay in contact with companies and customers.

Cybercriminals are looking for exploitable vulnerabilities in virtual private network (VPN), teleconferencing, and telework options, so the FBI expects increased exploitation of vulnerabilities over the coming weeks. These attacks are intended to steal sensitive data and propagate malware and ransomware.

Staff at the FBI’s Internet Crime Complaint Center (IC3) reviewed 1,200 complaints concerning COVID-19-related scams by March 30, 2020. Attacks were reported by first responders and medical facilities dealing with the COVID-19 outbreak. The FBI has cautioned that these attacks will continue, and it is probable that threat actors will also start targeting people working from home.

Carefully consider the programs you or your company use for telework purposes, such as video conferencing software and voice over Internet Protocol (VoIP) conference call systems. Malicious cyber actors are searching for ways to exploit telework software vulnerabilities in order to acquire sensitive information, eavesdrop on conference calls or virtual meetings, or perform other malicious activities.

Echoing the findings of Barracuda Networks, the FBI has warned about BEC scams after receiving several complaints from companies that cybercriminals are performing BEC attacks demanding early payments due to COVID-19. There were also attempts to change workers' direct deposit details in order to redirect payroll.

Many companies have been pressured into purchasing new portable devices to enable their workers to work from home. The FBI warns that these devices carry a risk of pre-installed malware, which could quickly be transmitted to business networks when staff connect to the network.